<?php
// Direct-access guard: stop immediately unless SYSPATH has already been defined
// by whatever loaded this file.
if ( ! defined('SYSPATH'))
{
	die('No direct script access.');
}

/**
 * Kotan security reimplementation.
 * @author bagnz0r
 * @package Kotan
 */

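class Security extends Kohana_Security {

	/**
	 * Neutralise markup in a string before it is written into an HTML page.
	 *
	 * Steps, in order: the inherited encode_php_tags() is applied, tags are
	 * optionally removed, every HTML special character (both quote styles
	 * included) is entity-encoded, and backslashes are removed.
	 *
	 * The result is only suitable for HTML text and quoted attribute values.
	 * It is not an escaper for JavaScript, CSS or URL contexts; those need
	 * their own context-specific encoding at the point of output.
	 *
	 * Entities already present in the input are encoded again, because
	 * htmlspecialchars() is called with double_encode left at its default.
	 *
	 * @param   string  $str         untrusted input
	 * @param   bool    $strip_html  TRUE to remove tags, FALSE to keep them as encoded text
	 * @return  string  encoded string
	 */
	public static function xss_clean($str, $strip_html = true)
	{
		// Encode PHP tags (helper inherited from the parent class, not defined in this file)
		$str = Security::encode_php_tags($str);

		// Tags have to be removed while they are still literal markup. Once
		// htmlspecialchars() has run there is no "<" left for strip_tags() to
		// match, which would make $strip_html a no-op.
		if ($strip_html)
		{
			$str = strip_tags($str);
		}

		// Explicit flags instead of the PHP defaults: before PHP 8.1 the default
		// left single quotes unencoded, which is unsafe inside a single-quoted
		// attribute. ENT_SUBSTITUTE replaces invalid byte sequences rather than
		// making the call return an empty string.
		// NOTE(review): 'UTF-8' is assumed here; confirm it matches the
		// application's configured charset.
		$str = htmlspecialchars($str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

		// NOTE(review): stripslashes() also removes backslashes that are genuine
		// data. This looks like a leftover for magic-quoted input; confirm it is
		// still wanted. It runs after encoding, so it cannot reintroduce markup.
		$str = stripslashes($str);

		return $str;
	}
}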